Avahi & Synology Shares (AFP)

edz

Today I migrated over from an EdgeRouter Lite to pfSense. I seem to have everything up and running, including Sonos across VLANS, with the exception of being able to see my Synology share drive from other VLANS. I was able to see it with the EdgeRouter with mDNS setup.

VLAN10 - 192.168.10.1/24 (Contains Synology server)
VLAN20 - 192.168.20.1/24 (Wireless clients)

My Mac is unable to detect any Time Machine shares (names Towers.local) or display the Synology server in Finder when on the VLAN20 subnet.

When on VLAN10, I see:
Screen Shot 2019-10-05 at 11.18.22.png

and when connected to VLAN20, I see:
Screen Shot 2019-10-05 at 12.01.12.png

My pfSense Avahi package is set to deny only one interface, VLAN90 which is an IoT network and Synology is setup to broadcast AFP and Time Machine shares.

Screen Shot 2019-10-05 at 12.04.28.png

I am not seeing anything in the Firewall logs that shows dropped traffic between VLAN10 and VLAN20. Lastly, this is the firewall rule config for VLAN10 and VLAN20:

Screen Shot 2019-10-05 at 12.08.09.png

In a last bid of desperation, I setup the Synology eth0 interface to also obtain an IP address on VLAN20 but this didn't seem to provide any benefit

eth0      Link encap:Ethernet  HWaddr ************ 
          inet addr:192.168.10.2  Bcast:192.168.10.255  Mask:255.255.255.0

eth0.20   Link encap:Ethernet  HWaddr ************
          inet addr:192.168.20.4  Bcast:192.168.20.255  Mask:255.255.255.0

Has anyone managed to have Synology AFP shares accessible across VLANs? As I mentioned, this was working with my EdgeRouter so I'd be great to be able to replicate this functionality on pfSense.

edz

Update: Well, a lesson if anyone faces a similar issue. I am running Unifi APs and the Block LAN to WLAN Multicast and Broadcast Data option was the culprit. It's all working now. :)

johnpoz

broadcast and multicast to your wlan is not really going to be a performance booster ;)

Why can you not just access your shares via fqdn and or even IP?

broadcast and multicast are using the legacy data rates, etc. And also have to be buffered by the AP and then sent out at the DTIM interval.. Pretty sure that when sent out from buffer its at a higher priority, etc.

Just be warned that this can be a hit on your overall wifi performance.

edz

@johnpoz I guess I could use the IP address for Time Machine but not having mDNS across subnets also cripples AirPlay to Sonos devices which are on a separate subnet too.

johnpoz

Why would you not just use the fqdn for your time machine?

What needs to talk to the sonos devices - just put them on the same L2.